
Agent Goal Hijacking OWASP: Top Agentic AI Risk Explained
Agent goal hijacking is the OWASP ASI01 risk where an attacker redirects an AI agent from its intended objective toward a malicious or unauthorized outcome. The practical danger is not a weird answer; it is an autonomous workflow using tools, identity, memory, or production APIs to do the wrong thing. What Is Agent Goal Hijacking? Agent goal hijacking is an attack where malicious input changes an AI agent’s objective, plan, or decision path so the agent pursues the attacker’s goal instead of the user’s intended goal. OWASP ranks this as ASI01 in the OWASP Top 10 for Agentic Applications 2026, a peer-reviewed framework built with input from more than 100 experts. The risk matters because modern agents do more than generate text: they browse pages, read tickets, query RAG indexes, call APIs, update records, create pull requests, and send messages. A hijack can start with one hostile paragraph in a web page, PDF, email, or tool response, then unfold across several steps as the agent plans and acts. The core takeaway is simple: agent goal hijacking turns untrusted content into control-plane input for software that can take real actions. ...

